What happens in apps ends up in search with Google+ Sign-in

Google+ users' collective activities to be shown in results for partner sites.

Facebook's entry into the world of "social search" has Google playing a bit of catch-up. The next step of Google's strategy to keep its overall search dominance is being unveiled today, with the company tapping the pulse of its users a bit deeper by mining their activities at other websites and mobile apps for search gold—all with their permission, of course.

This morning, Google is unveiling a new feature tied to its recently launched Google+ Sign-In platform—an online identity-management feature that allows users to log in to websites and mobile applications using their Google account. Google+ Director of Product Management Seth Sternberg told Ars that Google was working with a select group of partner developers to pull activity information from their apps into Google Search, adding a social element to search results associated with their brands.

Launched in February, Google+ Sign-In is Google's effort to compete head-on with similar social identity services such as "Connect with Facebook" and Twitter's OAuth-based sign-in service. It replaces Google's previous sign-in service, tied to the company's social platform, but gives users the same security features associated with their Google account—including two-factor authentication.

The integration of partner applications with Google+ through the sign-in service extends to sharing activities in a way similar to what Facebook's platform does through "like" buttons and other activity reporting tied to its login service. Based on the privacy setting selected by the user, the apps share activity directly with other Google+ users with "interactive" posts sent to their notification stream—inviting them to join in watching a movie in Flixter, for example, or buy something "shared" directly with them through Fancy.

The integration goes even further for users with Android devices. When someone registers on a website with Google+ Sign-in, "if they have an Android phone," said Sternberg, "on the Web we say, 'hey, we notice you have an Android phone—would you like the Android app?' And if the user says yes, then the app is automatically downloaded onto their phone without them ever touching their phone."

The wisdom of crowds

The feature unveiled today takes the "sharing" aspect of Google+ Sign-In further. In partnership with a group of early Google+ Sign-in adopters—Deezer, Fandango, Flixter, Slacker Radio, Songza, SoundCloud and TuneIn—Google will soon begin aggregating Google+ user activities within those sites and mobile apps, using that data to change how search results for those partners are displayed. Things that are popular within those partner sites will be displayed directly within the results, allowing users to get direct access from Search to the most popular actions on partner sites. The data will be displayed to all Google search users—not just those who have registered a Google+ account.

The activities of Google+ users in these sites and applications are "streaming to Google search," Sternberg said, "letting you know what people are doing in these apps and telling you what is most popular in these apps. It should, we hope, bring even better context to what people are doing within (these apps) to the search experience."

For example, this is how the right column of search for Fandango looks on Google Search today—with the Google Knowledge Graph box for Fandango:

Soundcloud results will change in a similar fashion, showing what songs are popular with Google+ users:

Enlarge/ Soundcloud search results, before (left) and after (right) the addition of Google+ user data streams.

At launch, these changes will only show up on desktop Web searches, Stermberg said, and will be limited to searches on partners' names. But given the work Google has already done around exposing common search tasks for "entities" with Google's Knowledge Graph, it's not a stretch to see how this sort of activity mining could be applied to other partner sites, as well as to generic searches on topics associated with partners. It's the promise of that sort of traffic-driving engine that Google is hoping will grease the skids for developers' adoption of Google+ Sign-In, and draw users into using Google+ even more as a social platform.

56 Reader Comments

This is a good effort, but it's unlikely people are going to switch over to Google+, no matter how many features Google adds to maintain parity or beat Facebook. Partly because all Facebook needs to do is copy the features, and everyone simply starts using Facebook again, and partly because people don't like having to re-create their online profile twice, and then sharing that with people that probably already are on Facebook.

Nonetheless, it pushes Facebook in the right direction, hopefully they provide something similar soon with movie recommendations and whatnot.

The other issue is that Google already knows too much about me, I'd prefer they didn't know about my social life too. That's pretty much the final barrier, and a company that knows that much is too powerful.

When someone registers on a website with Google+ Sign-in, "if they have an Android phone," said Sternberg, "on the Web we say, 'hey, we notice you have an Android phone—would you like the Android app?' And if the user says yes, then the app is automatically downloaded onto their phone without them ever touching their phone.

You know the other thing I won't ever be touching? Any bloody website that harasses me to install an app.

I have absolutely no interest in crowd-sourced decision making for social things. Or in knowing about my internet friends' "collective activities".

This may be correlated to age. When you are young (high school/college/20's), most of your friends share a lot of things in common with you, and you are more likely to be interested in their interests because they a) probably match yours and b) you are still figuring out what you really, really like. As you get older, you are more likely to have acquired a set of friends that are different from you and stronger ideas about your own preferences.

Let's face it -- most companies don't care about older folks. If you are in the 18-34 demographic, you are worth more to them as a potential customer. If you aren't... well that must mean you are ripe for a Jitterbug phone, right?

When someone registers on a website with Google+ Sign-in, "if they have an Android phone," said Sternberg, "on the Web we say, 'hey, we notice you have an Android phone—would you like the Android app?' And if the user says yes, then the app is automatically downloaded onto their phone without them ever touching their phone.

You know the other thing I won't ever be touching? Any bloody website that harasses me to install an app.

This is more like you search "Fandango" and in the right hand column there will be a link to download the app right to your phone. I actually think this could ocassionally be useful.

I have absolutely no interest in crowd-sourced decision making for social things. Or in knowing about my internet friends' "collective activities".

This may be correlated to age. When you are young (high school/college/20's), most of your friends share a lot of things in common with you, and you are more likely to be interested in their interests because they a) probably match yours and b) you are still figuring out what you really, really like. As you get older, you are more likely to have acquired a set of friends that are different from you and stronger ideas about your own preferences.

Let's face it -- most companies don't care about older folks. If you are in the 18-34 demographic, you are worth more to them as a potential customer. If you aren't... well that must mean you are ripe for a Jitterbug phone, right?

Most marketing aims for that demographic because statistically people in the demographic are naive (inexperienced) and easily influenced (peer pressure, puberty, etc.).

But that doesn't mean everyone in the demographic is either. There are always those that buck the trends.

I have a feeling at least 25% of that demographic will never use a service like described because of their independent nature.

This has degraded G+ from I'm not signing up because I see no value to 'Oh hell no!'; and wondering if I should stop using my existing gmail account for OAuth now as a preemptive move against G deciding to either G+ or just this behavior to all account holders in the future.

On one hand, you are replacing many sites some of which likely have really inferior (incompetent) security practices, with a single site that (hopefully) has superior security practices. I do expect that Google is less likely to get hacked to obtain the password files than many other sites.

On the other hand, the single site becomes more of a target, and if anywhere in the security chain breaks you have effectively leaked your password for all of those sites -- exactly what you are cautioned not to do in the conventional advice to have unique passwords for every site. And one shouldn't think the only vulnerability is the one site (e.g. Google) as there are alternatives such as hacking the secondary site to present a false login prompt and capture your universal password.

Ultimately, the convenience is appealing (unique passwords everywhere is a pain), but I think you are losing security overall by participating. (And this ignores any possible privacy cost, which is its own issue.)

I have absolutely no interest in crowd-sourced decision making for social things. Or in knowing about my internet friends' "collective activities".

This may be correlated to age. When you are young (high school/college/20's), most of your friends share a lot of things in common with you, and you are more likely to be interested in their interests because they a) probably match yours and b) you are still figuring out what you really, really like. As you get older, you are more likely to have acquired a set of friends that are different from you and stronger ideas about your own preferences.

Let's face it -- most companies don't care about older folks. If you are in the 18-34 demographic, you are worth more to them as a potential customer. If you aren't... well that must mean you are ripe for a Jitterbug phone, right?

Companies market to that demographic because they are naive and don't worry about things like privacy. Companies market to older people differently because that group actually has more disposable income but aren't as foolish about how they spend it.

i think one factor missing is the need for 2 way 'trust' - always and increasingly, website owners/online publishers/service providers must try to block out 'bad traffic' (hackers, spammers, spoofers, botnets, etc).

Google will need to end up with a 2-tier membership system at least - if not some more sophisticated method of gauaging (and undoubtedly charging for) the 'trustworthiness' of connected parties. (eg: known postal address, legal trading entity, etc, rather then just plain anonymous gmail address). ebay probably comes close to best model.

On the other hand, the single site becomes more of a target, and if anywhere in the security chain breaks you have effectively leaked your password for all of those sites -- exactly what you are cautioned not to do in the conventional advice to have unique passwords for every site. And one shouldn't think the only vulnerability is the one site (e.g. Google) as there are alternatives such as hacking the secondary site to present a false login prompt and capture your universal password.

If you use their email service, most password resets will be sent to that service anyway. This just makes it more convenient.

'hey, we notice you have an Android phone—would you like the Android app?' And if the user says yes, then the app is automatically downloaded onto their phone without them ever touching their phone."

Great. Now I have to make sure I am -not- logged into some Google service when I am browsing the web. Otherwise one stray click and some overbloated app downloads automatically into my phone. And since my phone is severely memory limited, it will more than likely brick my phone. Thanks Google! One more thing to stress me out!

Yet another reason to never touch Google+. Just because people are lazy about security (and privacy!) doesn't make crap like this right... 20 years of the First Rule of Web Security ("don't use the same credentials at multiple sites") seems to be out the window these days thanks to FB & Google encouraging their users to sign in everywhere with their (*SPIT*) social networking accounts.

I have absolutely no interest in crowd-sourced decision making for social things. Or in knowing about my internet friends' "collective activities".

This may be correlated to age. When you are young (high school/college/20's), most of your friends share a lot of things in common with you, and you are more likely to be interested in their interests because they a) probably match yours and b) you are still figuring out what you really, really like. As you get older, you are more likely to have acquired a set of friends that are different from you and stronger ideas about your own preferences.

Let's face it -- most companies don't care about older folks. If you are in the 18-34 demographic, you are worth more to them as a potential customer. If you aren't... well that must mean you are ripe for a Jitterbug phone, right?

Most marketing aims for that demographic because statistically people in the demographic are naive (inexperienced) and easily influenced (peer pressure, puberty, etc.).

But that doesn't mean everyone in the demographic is either. There are always those that buck the trends.

I have a feeling at least 25% of that demographic will never use a service like described because of their independent nature.

Exactly. I'm 16, I don't connect with companies on Facebook, I don't like anything so that they don't have marketing data on me, I block tracking scripts and crap, I don't use apps that do nothing more than the website, and advertising tends to DISCOURAGE me from buying a product, if anything. I'm pretty sure I'm not the kind of person they're trying to target though.

Exactly. I'm 16, I don't connect with companies on Facebook, I don't like anything so that they don't have marketing data on me, I block tracking scripts and crap, I don't use apps that do nothing more than the website, and advertising tends to DISCOURAGE me from buying a product, if anything. I'm pretty sure I'm not the kind of person they're trying to target though.

I like the centralized online identity, but, just like android permissions, I feel like this is going to get out of hand.

If every time I want to download an app, the company is going to want all my google data, I say no thank you. If there isn't a way to opt out of every (or at least most) of the requested permissions (except possibly for my email), I would rather create a fake account for all purposes "Identity"

Funny how I was browsing FB as I was reading this article. I find the ads are just mirrors exactly what I have searched for. Problem for advertisers is I have usually bought what I need by the time the ads show up. Also 2-factor authentication helps protect this whole SSO phase we are going through right now

Just try to change your name in Gmail. I changed my real name to something not recognizable as a first, last name. The google team doesn't like it so they said my G+ account has been suspended. Oh boo-hoo. Looks like I don't get to participate.

This has degraded G+ from I'm not signing up because I see no value to 'Oh hell no!'; and wondering if I should stop using my existing gmail account for OAuth now as a preemptive move against G deciding to either G+ or just this behavior to all account holders in the future.

On the other hand, the single site becomes more of a target, and if anywhere in the security chain breaks you have effectively leaked your password for all of those sites -- exactly what you are cautioned not to do in the conventional advice to have unique passwords for every site. And one shouldn't think the only vulnerability is the one site (e.g. Google) as there are alternatives such as hacking the secondary site to present a false login prompt and capture your universal password.

If you use their email service, most password resets will be sent to that service anyway. This just makes it more convenient.

So if your email account is compromised, that potentially compromises everything else.

That's true, but the inverse situation only exists with single sign-in. For example, a site is hacked to present a false log-in screen and obtains your password. Without single sign-in, that can only happen on your email site. With single sign-in, it could happen on many sites. There are more vulnerabilities now that endanger that email address.

Ultimately you need to be most careful with security on your email account. You seem to be saying the way to deal with that is to not worry about security anywhere else, because if security elsewhere is bad enough then your email is "most secure" by default. That does not seem like a great solution.

I might sign up with this simply to bomb all of my G+ circlers with my eclectic music tastes. I know they're all going to love newretrowave and nugrass.

Facebook has basically lost my trust entirely. Got an alert on Monday that I had notifications waiting. Duly logged in for my weekly check. Go to my notifications page. No notifications. Desire to punch monitor reaches near critical level. Put "find obscure Masonic ritual to purge Facebook from my existence" back on to-do list.

Woke up yesterday to find out George Takei is in my circle. There are 7 people in that particular circle. As far as I know none of us know Mr. Takei personally (or even professionally). And yes, it is really him. I chatted with him last night to verify that.

I don't know if this was some sort of elaborate plot on the part of Google to woo me (I don't think it is, frankly, as Mr. Takei grilled me on why I rated Firefly and Star Wars above Star Trek) but whatever. This is the sort of experience a virtual social network should be providing. Low-key, most unobtrusive service that lets me chat with my friends in a variety of forums, pontificate on things (like the correlation between the location of your law school and your ability to hold your liquor, which was resolved before it even began: New England), and occasionally get introduced to people who are awesome that aren't exactly in your real world social circles.

Just try to change your name in Gmail. I changed my real name to something not recognizable as a first, last name. The google team doesn't like it so they said my G+ account has been suspended. Oh boo-hoo. Looks like I don't get to participate.

This is why I never gave Google my real name to start with. Being a paranoid recluse is an advantage when they ARE out to get you! (or at least all your personal information)

On the other hand, the single site becomes more of a target, and if anywhere in the security chain breaks you have effectively leaked your password for all of those sites -- exactly what you are cautioned not to do in the conventional advice to have unique passwords for every site. And one shouldn't think the only vulnerability is the one site (e.g. Google) as there are alternatives such as hacking the secondary site to present a false login prompt and capture your universal password.

If you use their email service, most password resets will be sent to that service anyway. This just makes it more convenient.

So if your email account is compromised, that potentially compromises everything else.

That's true, but the inverse situation only exists with single sign-in. For example, a site is hacked to present a false log-in screen and obtains your password. Without single sign-in, that can only happen on your email site. With single sign-in, it could happen on many sites. There are more vulnerabilities now that endanger that email address.

Ultimately you need to be most careful with security on your email account. You seem to be saying the way to deal with that is to not worry about security anywhere else, because if security elsewhere is bad enough then your email is "most secure" by default. That does not seem like a great solution.

I don't think you understand how this actually works... Go do some reading

Google already has all that stuff, if you use gmail and have... oh, a credit card with your name that sends you things.

They've SO abused it that I can't trust them with information they already have. Riiight. Plus then you'll miss those fun Ars Hangout against Humanity nights.

jdale wrote:

You seem to be saying the way to deal with that is to not worry about security anywhere else, because if security elsewhere is bad enough then your email is "most secure" by default. That does not seem like a great solution.

No, I'm saying that you're best off with one secure login that does strong authentication, then using a secure trust mechanism between that and third party sites. It doesn't matter if it's OnePassword (or whatever) using maximum entropy hashed passwords to those third party sites as the secure trust mechanism, or Google using oAuth (or whatever) to athenticate you as you. You're still going to need one central mechanism, either controlled by you or a third party. And there's a lot of associated headache with one controlled by you.

[quote="[url=http://arstechnica.com/civis/viewtopic.php?p=24395137#p24395137]Most marketing aims for that demographic because statistically people in the demographic are naive (inexperienced) and easily influenced (peer pressure, puberty, etc.).

I don't think it's naivety. Inexperience, sure, but there's only one way to get that. (And it doesn't always come with age.)

I think the desire is more to target people who not only spend more on entertainment and non-durable goods, but also those who you hope develop a brand loyalty and keep coming back for more.

Quote:

But that doesn't mean everyone in the demographic is either. There are always those that buck the trends.

I have a feeling at least 25% of that demographic will never use a service like described because of their independent nature.

Certainly there are always outliers in the stereotypes that marketing departments target. In both directions.... there's little sadder than a 50 year old posting all her personal and work drama on Facebook and then wondering why people judge her. But marketing departments care about bulk numbers and are going to target the largest groups first.

[ Google already has all that stuff, if you use gmail and have... oh, a credit card with your name that sends you things.

They've SO abused it that I can't trust them with information they already have. Riiight. Plus then you'll miss those fun Ars Hangout against Humanity nights.

Past behavior is not an indication of future actions, particularly involving mega-corporations. Once they have that info about you, they have it. At some point, they may transition from a company who sells ads to a company who sells your information. To a lot of people, it's not a big deal, but it is to me.

I've been dipping my toe into Google Now lately. It's pretty cool, but to get it to work as intended, you have to give your entire life to Now and to Google. Emails, calendars, search, location, purchases, etc. This is just another example of Google trying to learn everything about you, your likes, and your behaviors.

Exactly. I'm 16, I don't connect with companies on Facebook, I don't like anything so that they don't have marketing data on me, I block tracking scripts and crap, I don't use apps that do nothing more than the website, and advertising tends to DISCOURAGE me from buying a product, if anything. I'm pretty sure I'm not the kind of person they're trying to target though.

Does telling someone "You're cynical enough for someone twice your age" instead of being told the same mean I've turned into an old fart?

This is pretty slick. Companies being able to integrate personal data into Google Search is a big win for everyone. Almost starts to turn a standard Google Search into a dashboard of sorts.

I don't understand the complaints of FB vs Google+ too much. This seems more like an effort to have Google as a platform rather than a push for more visible social search. Social search is more of an effect than a cause.